Hi there
there is a problem i caught , when I'm using docker pipeline with parallel step and agent is running from this image.
I'm using parallel where in each branch I'm spinning a docker container and run some suite in each container. Because docker-workflow plugin automatically use --volumes-from, all of those containers have /tmp , /var/run and /run mounted between each other. And that test suite works unpredictably because same files/sockets accessed from different containers.

Is there any reason to have those dirs marked as a volume or it can be considered as a bug?

Describe your use-case which is not covered by existing documentation.

It seems that the repository is set up to be built by the maintainers. However, some users, myself included, may want to build modified versions on the docker image. There are currently no indications on how images might be built manually, and there is no dependency management for building. It would benefit the inexperienced users greatly to document the build command(s) and the tools and dependencies required.

From what I've seen digging around the repository, one should have buildx plugin for Docker, have jq in PATH, and use make build to build a Linux image.

Reference any relevant documentation, other materials or issues/pull requests that can be used for inspiration.

No response

Jenkins and plugins versions report

I can't even get to the step to mount the container in Jenkins. Because I can't even start the container.

What Operating System are you using (both controller, and any agents involved in the problem)?

Reproduction steps

docker run jenkins/ssh-agent:windowsservercore-ltsc2019-jdk11 "<>"

Expected Results

The container should start and I should be able to connect to the container via SSH.

Actual Results

setup-sshd.ps1 param: <>>'
Authorizing ssh pubkey found in params.
Start-Service : Service 'OpenSSH SSH Server (sshd)' cannot be started due to
the following error: Cannot start service sshd on computer '.'.
At C:\ProgramData\Jenkins\setup-sshd.ps1:103 char:1

• Start-Service sshd

•   + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceControl
   ler:ServiceController) [Start-Service], ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Comman
   ds.StartServiceCommand
  
  
  

Windows IP Configuration

Ethernet adapter vEthernet (Ethernet) 4:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e0f7:7dbc:9b84:2328%38
IPv4 Address. . . . . . . . . . . : 172.29.106.107
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : 172.29.96.1

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 3b1d27a5e0d2:0 LISTENING
TCP 0.0.0.0:5985 3b1d27a5e0d2:0 LISTENING
TCP 0.0.0.0:47001 3b1d27a5e0d2:0 LISTENING
TCP 0.0.0.0:49152 3b1d27a5e0d2:0 LISTENING
TCP 0.0.0.0:49153 3b1d27a5e0d2:0 LISTENING
TCP 0.0.0.0:49154 3b1d27a5e0d2:0 LISTENING
TCP 0.0.0.0:49155 3b1d27a5e0d2:0 LISTENING
TCP 0.0.0.0:49157 3b1d27a5e0d2:0 LISTENING
TCP 172.29.106.107:49156 13.89.179.8:https SYN_SENT
TCP [::]:135 3b1d27a5e0d2:0 LISTENING
TCP [::]:5985 3b1d27a5e0d2:0 LISTENING
TCP [::]:47001 3b1d27a5e0d2:0 LISTENING
TCP [::]:49152 3b1d27a5e0d2:0 LISTENING
TCP [::]:49153 3b1d27a5e0d2:0 LISTENING
TCP [::]:49154 3b1d27a5e0d2:0 LISTENING
TCP [::]:49155 3b1d27a5e0d2:0 LISTENING
TCP [::]:49157 3b1d27a5e0d2:0 LISTENING
UDP 0.0.0.0:5353 :
UDP 0.0.0.0:5355 :
UDP 127.0.0.1:49152 :
UDP [::]:5353 :
UDP [::]:5355 :
Get-Content : Cannot find path 'C:\ProgramData\ssh\logs\sshd.log' because it
does not exist.
At C:\ProgramData\Jenkins\setup-sshd.ps1:110 char:1

• Get-Content -Path "C:\ProgramData\ssh\logs\sshd.log" -Wait

•   + CategoryInfo          : ObjectNotFound: (C:\ProgramData\ssh\logs\sshd.lo
   g:String) [Get-Content], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetCo
   ntentCommand
  
  

Anything else?

When I start the sshd manually I get the following output. Unfortunately I can't do anything with the error message.

PS C:\Program Files\OpenSSH-Win64> .\sshd.exe
Could not connect to agent "\\.\pipe\openssh-ssh-agent": No such file or directory
sshd: no hostkeys available -- exiting.

If I run this container as root, $JAVA_HOME/bin is added to the PATH. However, when I ssh in as the jenkins user, the PATH is not propagated, and therefore the ssh-slaves plugin can't find java in the PATH.

My current workaround is to manually set the javaPath configuration value to the expected openjdk path, though this only fixes the inability to launch an agent.

What feature do you want to see added?

Instead of using OpenSSH as for today.

Upstream changes

No response

JDK versions are either passed as build argument to Dockerfiles, as Docker Bakefile variable or powershell tooling.

We should track the JDK version like in jenkinsci/docker-agent and jenkinsci/docker-inbound-agent (example: https://github.com/jenkinsci/docker-agent/blob/master/updatecli/updatecli.d/jdk11.yaml) to avoid manual PRs.

Lots ssh-slave pods remain in 'running' state in k8s cluster(AKS).
Kubernetes 1.11.2, Docker version 1.13.1, build 092cba3.

How can I fix it?

INFO: terminating ssh-slave-fvjgv since multibuild/LANG=A,VER=8 #26 seems to be finished
Sep 14, 2018 12:39:39 PM com.microsoft.jenkins.containeragents.KubernetesCloud deletePod
INFO: Terminating container instance for slave ssh-slave-fvjgv
Sep 14, 2018 12:39:39 PM okhttp3.internal.platform.Platform log
INFO: ALPN callback dropped: HTTP/2 is disabled. Is alpn-boot on the boot class path?
Sep 14, 2018 12:39:39 PM com.microsoft.jenkins.containeragents.KubernetesCloud deletePod
INFO: Terminated Kubernetes instance for slave ssh-slave-rh4d0
Sep 14, 2018 12:39:39 PM com.microsoft.jenkins.containeragents.KubernetesCloud deletePod
WARNING: Failed to terminate pod for slave ssh-slave-fvjgv
io.fabric8.kubernetes.client.KubernetesClientException: Operation: [delete]  for kind: [Pod]  with name: [ssh-slave-fvjgv]  in namespace: [default]  failed.
        at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:62)
        at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:71)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.deleteThis(BaseOperation.java:660)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.delete(BaseOperation.java:602)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.delete(BaseOperation.java:68)
        at com.microsoft.jenkins.containeragents.KubernetesCloud.deletePod(KubernetesCloud.java:288)
        at com.microsoft.jenkins.containeragents.KubernetesAgent$1.run(KubernetesAgent.java:100)
        at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
        at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketException: Socket closed
        at java.net.SocketInputStream.read(SocketInputStream.java:204)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:268)
        at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:238)
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:149)
        at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:192)
        at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
        at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
        at io.fabric8.kubernetes.client.utils.HttpClientUtils$2.intercept(HttpClientUtils.java:93)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185)
        at okhttp3.RealCall.execute(RealCall.java:69)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:377)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:343)
        at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleDelete(OperationSupport.java:208)
        at io.fabric8.kubernetes.client.dsl.base.BaseOperation.deleteThis(BaseOperation.java:657)
        ... 9 more

What feature do you want to see added?

Relying on the content of the parent image eclipse-temurin makes us loose control of what is inside the image: JAVA_HOME, packages, etc. are hard to change.

We should instead start using a multi-stage image like it's done for nanoserver

Upstream changes

No response

Hi,
First of all thank you for providing this image.
By any chance can you please add a build in https://hub.docker.com/r/jenkinsci/ssh-slave to create an image based on jdk11?
thanks

Will push fix soon.

Hi all,

Faced a problem with second login via ssh to container.
First time after start of the container all works fine. But the next day I had problems with access via SSH.

Container run command is:

docker run -d -p 4222:22 -e "JENKINS_SLAVE_SSH_PUBKEY=<public key>" jenkinsci/ssh-slave

Container ps status:

# docker ps

CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS              PORTS                  NAMES
ed2f6cef25f8        jenkinsci/ssh-slave   "setup-sshd"        6 seconds ago       Up 5 seconds        0.0.0.0:4222->22/tcp   eloquent_ritchie

When I had tried to connect got this:

# ssh -i "/PATH_TO_HOME/.ssh/id_rsa" [email protected] -p 4222

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jun 19 19:47:36 2017 from XXX.XXX.XXX.XXX
Connection to XXX.XXX.XXX.XXX closed.

In docker logs i saw the next:

Address XXX.XXX.XXX.XXX maps to example.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Accepted publickey for jenkins from XXX.XXX.XXX.XXX port 38880 ssh2: RSA 28:88:c8:c0:6f:7d:84:ab:86:88:3e:XX:XX:XX:XX:XX
PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Received disconnect from XXX.XXX.XXX.XXX: disconnected by user

For fix the problem helped this post:
https://stackoverflow.com/questions/22547939/docker-gitlab-container-ssh-git-login-error

So, the question is:
Did I make something wrong or here has some issue which can be fixed on your side ?

Regards,
Eugene

Guys,

I'm a bit confused, what user is this container running ? I see jenkins user added but it seems os running root.

Thanks

This is more a question than an issue: Why are the so many volmues defined in this image. To my understanding the slave is / should be state less. Hence keeping tmp, var/tmp and jenkins home between deployments doesn't make sense. Or is it an optimisation because those locations are written and read frequently hence should be more performant than overlay fs.

What feature do you want to see added?

Would be nice if Dockerfiles do not use VOLUME instruction. Problem is that then the directory is only modifiable with buildkit. For example without builtkit it is not possible to assign a different uid to jenkins user. This would allow to match already existing users on host system.

Sure the problem with builtkit does not exists. But builtkit is not documented while using direct api calls, e.g. through go docker sdk: https://pkg.go.dev/github.com/docker/docker/client#Client.ImageBuild

Is there any benefit in using "VOLUME" directly in Dockerfile? Is there a difference between an anonymous volume and using directly docker file system? If someone needs a volume he/she could provide it while starting the docker container.

Some background: https://stackoverflow.com/a/55516433

#export DOCKER_BUILDKIT=1
docker build -ttest - <<EOF
FROM jenkins/ssh-agent:4.3.0-jdk11
RUN usermod -u 1200 jenkins; ls -ldn /home/jenkins >/test.txt
EOF

docker run --rm -it --entrypoint= test bash -c 'cat /test.txt;ls -ldn /home/jenkins'

Output:

drwxr-xr-x 2 1200 1000 4096 Jun  3 16:10 /home/jenkins
drwxr-xr-x 2 1000 1000 4096 Jun  3 16:28 /home/jenkins

The first line is during build and the second line is using built image. As you can see the change to uid 1200 is lost.

With enabled builtkit the result would be fine (but as explained difficult to archive this docker api calls):

drwxr-xr-x 1 1200 1000 4096 Feb 19 16:25 /home/jenkins
drwxr-xr-x 2 1200 1000 4096 Jun  3 16:29 /home/jenkins

As a workaround I copy/change in Dockerfile home directory to a different directory but this does not feel nice.

Upstream changes

No response

Isn't the Jenkins master going to copy over its own slave.jar anyway?
Aren't the requirements for a Jenkins ssh slave only to have Java and a ssh daemon running?

Possibly #33 is a symptom of this, but since #33 is more narrowly about JAVA functionality I thought it would be good to document this separately.

No dockerfile ENV settings are honored in the jenkins build environment (the ssh shell). For instance I'd expect to be able to extend this image, put dotnet sdk on it, and opt out of telemetry via ENV DOTNET_CLI_TELEMETRY_OPTOUT=true, but that would not be honored if set.

I tried to work around this by using RUN to append to the /home/jenkins/.profile, but (I think?) that is blown away because jenkins dir is a volume. I also tried putting it in /etc/profile, which works when I ssh in manually (as jenkins), but not in environment that results from jenkins plugin attaching.

Jenkins and plugins versions report

Not relevant to issue

What Operating System are you using (both controller, and any agents involved in the problem)?

Both controller and agent are running on an Ubuntu VPS in Docker containers. Controller is running jenkins/jenkins:lts. Agent is running jenkins/ssh-agent:jdk11.

Reproduction steps

On the agent container, run git clone https://github.com/smdrager/repo (this can be done either directly in interactive shell, or through a command from the controller via SSH.

Expected Results

Clones the repo.

Actual Results

ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git fetch --tags --force --progress -- https://github.com/smdrager/repo/ +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to access 'https://github.com/smdrager/repo/': server certificate verification failed. CAfile: none CRLfile: none

Anything else?

The ca-certificates package seems to be missing from the image. If I manually install it within the container via apt update apt install ca-certificates, the clone works fine. Is this an expected need for the image to talk to any https-enable repo?

Thank you!

Does anybody know whether a docker ssh agent for windows container exists?

Jenkins and plugins versions report

Paste the output here

What Operating System are you using (both controller, and any agents involved in the problem)?

ubuntu 20.04

Reproduction steps

1. build image from dockerfile: https://github.com/jenkinsci/docker-ssh-agent/blob/master/11/bullseye/Dockerfile
2. run container

Expected Results

container should run with args

Actual Results

docker container fails to start:

docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "setup-sshd": executable file not found in $PATH: unknown.
ERRO[0000] error waiting for container: context canceled

Anything else?

in docker file either add:

RUN echo "PATH=${PATH}" >> /etc/environment
COPY setup-sshd /usr/local/bin/setup-sshd
RUN chmod +x /usr/local/bin/setup-sshd

EXPOSE 22

ENTRYPOINT ["setup-sshd"]

or

RUN echo "PATH=${PATH}" >> /etc/environment
COPY setup-sshd /usr/local/bin/setup-sshd


EXPOSE 22

ENTRYPOINT ["bash","setup-sshd"]

Jenkins and plugins versions report

Jenkins: 2.361.4
OS: Linux - 6.0.6-76060006-generic
---
ace-editor:1.1
ant:481.v7b_09e538fcca
antisamy-markup-formatter:155.v795fb_8702324
apache-httpcomponents-client-4-api:4.5.13-138.v4e7d9a_7b_a_e61
bootstrap5-api:5.2.1-3
bouncycastle-api:2.26
branch-api:2.1051.v9985666b_f6cc
build-timeout:1.25
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:1.8.0
cloudbees-folder:6.758.vfd75d09eea_a_1
command-launcher:90.v669d7ccb_7c31
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-27.vb_fa_3896786a_7
credentials:1189.vf61b_a_5e2f62e
credentials-binding:523.vd859a_4b_122e6
display-url-api:2.3.6
durable-task:501.ve5d4fc08b0be
echarts-api:5.4.0-1
email-ext:2.92
font-awesome-api:6.2.1-1
git:4.14.0
git-client:3.13.0
github:1.36.0
github-api:1.303-400.v35c2d8258028
github-branch-source:1696.v3a_7603564d04
gradle:2.1.1
instance-identity:116.vf8f487400980
ionicons-api:31.v4757b_6987003
jackson2-api:2.13.4.20221013-295.v8e29ea_354141
jakarta-activation-api:2.0.1-2
jakarta-mail-api:2.0.1-2
javax-activation-api:1.2.0-5
javax-mail-api:1.6.2-8
jaxb:2.3.7-1
jdk-tool:63.v62d2fd4b_4793
jjwt-api:0.11.5-77.v646c772fddb_0
jquery3-api:3.6.1-2
jsch:0.1.55.61.va_e9ee26616e7
junit:1160.vf1f01a_a_ea_b_7f
ldap:2.12
mailer:438.v02c7f0a_12fa_4
matrix-auth:3.1.5
matrix-project:785.v06b_7f47b_c631
mina-sshd-api-common:2.9.2-50.va_0e1f42659a_a
mina-sshd-api-core:2.9.2-50.va_0e1f42659a_a
momentjs:1.1.1
okhttp-api:4.9.3-108.v0feda04578cf
pam-auth:1.10
pipeline-build-step:2.18
pipeline-github-lib:38.v445716ea_edda_
pipeline-graph-analysis:195.v5812d95a_a_2f9
pipeline-groovy-lib:621.vb_44ce045b_582
pipeline-input-step:456.vd8a_957db_5b_e9
pipeline-milestone-step:101.vd572fef9d926
pipeline-model-api:2.2118.v31fd5b_9944b_5
pipeline-model-definition:2.2118.v31fd5b_9944b_5
pipeline-model-extensions:2.2118.v31fd5b_9944b_5
pipeline-rest-api:2.27
pipeline-stage-step:296.v5f6908f017a_5
pipeline-stage-tags-metadata:2.2118.v31fd5b_9944b_5
pipeline-stage-view:2.27
plain-credentials:139.ved2b_9cf7587b
plugin-util-api:2.18.0
popper2-api:2.11.6-2
resource-disposer:0.20
scm-api:621.vda_a_b_055e58f7
script-security:1218.v39ca_7f7ed0a_c
snakeyaml-api:1.33-90.v80dcb_3814d35
ssh-agent:295.v9ca_a_1c7cc3a_a_
ssh-credentials:305.v8f4381501156
ssh-slaves:2.854.v7fd446b_337c9
sshd:3.249.v2dc2ea_416e33
structs:324.va_f5d6774f3a_d
timestamper:1.21
token-macro:321.vd7cc1f2a_52c8
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
workflow-aggregator:590.v6a_d052e5a_a_b_5
workflow-api:1200.v8005c684b_a_c6
workflow-basic-steps:994.vd57e3ca_46d24
workflow-cps:3536.vb_8a_6628079d5
workflow-durable-task-step:1217.v38306d8fa_b_5c
workflow-job:1254.v3f64639b_11dd
workflow-multibranch:716.vc692a_e52371b_
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.43

What Operating System are you using (both controller, and any agents involved in the problem)?

Host is ubuntu 22.04 using docker images version:
server: jenkins/jenkins:lts-jdk11
agent: jenkins/ssh-agent:jdk11

Reproduction steps

Run docker compose and setup jenkins server
Add proper ssh credential to jenkins server and jenkins agent
Add new ssh agent on the jenkins server
Sever wont be able to copy remote.jar file because it does not have permissions for /home/jenkins/agent

Docker compose file:
version: "3.9"
#lts-jdk11
services:
jenkins:
image: jenkins/jenkins:lts-jdk11
container_name: jenkins-server
privileged: true
hostname: jenkinsserver
user: root
ports:
- "8080:8080"
- "50000:50000"
volumes:
- jenkins-data:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
agent:
image: jenkins/ssh-agent:jdk11
#build: ./
#privileged: true
user: root
container_name: agent
expose:
- 22
environment:
- JENKINS_AGENT_SSH_PUBKEY=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8qhkKLoyV3rRT++FGjgRVQHuUXx/Ly1hQAfzLoT/fa umezawa@yoko

volumes:
jenkins-data:

Expected Results

Jenkins agent should be added to the nodes on jenkins server

Actual Results

SSHLauncher{host='agent', port=22, credentialsId='jenk-slave-cred', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.NonVerifyingKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true}
[11/23/22 19:09:26] [SSH] Opening SSH connection to agent:22.
[11/23/22 19:09:26] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
[11/23/22 19:09:26] [SSH] Authentication successful.
[11/23/22 19:09:26] [SSH] The remote user's environment is:
AGENT_WORKDIR=/home/jenkins/agent
BASH=/bin/bash
BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=([0]="0")
BASH_ARGV=()
BASH_CMDS=()
BASH_EXECUTION_STRING=set
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="5" [1]="1" [2]="4" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu")
BASH_VERSION='5.1.4(1)-release'
DIRSTACK=()
EUID=1000
GROUPS=()
HOME=/home/jenkins
HOSTNAME=08f478e63945
HOSTTYPE=x86_64
IFS=$' \t\n'
JAVA_HOME=/opt/java/openjdk
JENKINS_AGENT_HOME=/home/jenkins
JENKINS_AGENT_SSH_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8qhkKLoyV3rRT++FGjgRVQHuUXx/Ly1hQAfzLoT/fa umezawa@yoko'
LC_ALL=C.UTF-8
LOGNAME=jenkins
MACHTYPE=x86_64-pc-linux-gnu
MOTD_SHOWN=pam
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PIPESTATUS=([0]="0")
PPID=20
PS4='+ '
PWD=/home/jenkins
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:interactive-comments
SHLVL=1
SSH_CLIENT='172.18.0.3 50066 22'
SSH_CONNECTION='172.18.0.3 50066 172.18.0.2 22'
TERM=dumb
UID=1000
USER=jenkins
_=']'
Checking Java version in the PATH
openjdk version "11.0.16.1" 2022-08-12
OpenJDK Runtime Environment Temurin-11.0.16.1+1 (build 11.0.16.1+1)
OpenJDK 64-Bit Server VM Temurin-11.0.16.1+1 (build 11.0.16.1+1, mixed mode)
[11/23/22 19:09:26] [SSH] Checking java version of /home/jenkins/agent/jdk/bin/java
Couldn't figure out the Java version of /home/jenkins/agent/jdk/bin/java
bash: line 1: /home/jenkins/agent/jdk/bin/java: No such file or directory

[11/23/22 19:09:26] [SSH] Checking java version of java
[11/23/22 19:09:26] [SSH] java -version returned 11.0.16.1.
[11/23/22 19:09:26] [SSH] Starting sftp client.
[11/23/22 19:09:26] [SSH] Copying latest remoting.jar...
java.io.IOException: Could not copy remoting.jar into '/home/jenkins/agent' on agent
at hudson.plugins.sshslaves.SSHLauncher.copyAgentJar(SSHLauncher.java:733)
at hudson.plugins.sshslaves.SSHLauncher.lambda$launch$0(SSHLauncher.java:456)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.IOException: Could not copy remoting.jar to '/home/jenkins/agent/remoting.jar' on agent
at hudson.plugins.sshslaves.SSHLauncher.copyAgentJar(SSHLauncher.java:725)
... 5 more
Caused by: com.trilead.ssh2.SFTPException: Permission denied (SSH_FX_PERMISSION_DENIED: The user does not have sufficient permissions to perform the operation.)
at com.trilead.ssh2.SFTPv3Client.openFile(SFTPv3Client.java:1201)
at com.trilead.ssh2.SFTPv3Client.createFile(SFTPv3Client.java:1074)
at com.trilead.ssh2.SFTPv3Client.createFile(SFTPv3Client.java:1055)
at com.trilead.ssh2.jenkins.SFTPClient.writeToFile(SFTPClient.java:102)
at hudson.plugins.sshslaves.SSHLauncher.copyAgentJar(SSHLauncher.java:718)
... 5 more
[11/23/22 19:09:26] Launch failed - cleaning up connection
[11/23/22 19:09:26] [SSH] Connection closed.

Anything else?

A work around was to modify the setup-sshd file to modify the permissions for the directory /home/jenkins/agent
to allow for the "jenkins" user to write files to the agent

Jenkins requires Java 11 since June 2022 for the weekly release line and September 2022 for LTS release line.

For the jenkinsci/docker-agent and jenkinsci/docker-inbound-agent, a last release had been delivered a few month ago with the latest remoting agent.jar compatible with JDK8 (ref. jenkinsci/docker-agent#298).

For the SSH agent image here, there is no requirement around the agent.jar because it is not part of the image.
However it does not make sense to ship JDK8 version anymore.

Proposal: we should deprecate JDK8 SSH agent images (and associated tooling such as dependabot) in a new 5.x.y release line (current release is 4.10.0) on the principal branch.

The only "danger" is to be careful to properly write the changelog (either with good PR title and labelling to hint release-drafter, or even when publishing the release).

Ping @Poddingue @MarkEWaite @timja @NotMyFault @basil @halkeye @jglick @imonteroperez do you see any potential problem for this?

Version report

Jenkins and plugins versions report:

Jenkins: 2.289.3
OS: Linux - 3.10.0-1127.8.2.el7.x86_64

ace-editor:1.1
analysis-model-api:10.3.0
ant:1.11
antisamy-markup-formatter:2.1
apache-httpcomponents-client-4-api:4.5.13-1.0
authentication-tokens:1.4
batch-task:1.19
bootstrap4-api:4.6.0-3
bootstrap5-api:5.1.1-1
bouncycastle-api:2.24
branch-api:2.7.0
build-monitor-plugin:1.12+build.201809061734
buildtriggerbadge:2.11
caffeine-api:2.9.2-29.v717aac953ff3
checks-api:1.7.2
chucknorris:1.4
cloudbees-folder:6.16
cloverphp:0.6
command-launcher:1.6
conditional-buildstep:1.4.1
config-autorefresh-plugin:1.0
config-file-provider:3.8.1
configurationslicing:1.52
credentials:2.6.1
credentials-binding:1.27
cvs:2.19
data-tables-api:1.11.2-1
delivery-pipeline-plugin:1.4.2
dependency-check-jenkins-plugin:5.1.1
dependency-track:4.0.0
display-url-api:2.3.5
docker-commons:1.17
docker-java-api:3.1.5.2
docker-plugin:1.2.3
docker-swarm:1.11
docker-workflow:1.26
dtkit-api:3.0.0
durable-task:1.39
echarts-api:5.1.2-11
email-ext:2.83
extended-choice-parameter:0.82
extended-read-permission:3.2
external-monitor-job:1.7
font-awesome-api:5.15.4-1
forensics-api:1.3.1
gatling:1.3.0
git:4.8.2
git-client:3.9.0
git-parameter:0.9.13
git-server:1.10
gitlab-plugin:1.5.20
global-build-stats:1.5
global-variable-string-parameter:1.2
gradle:1.37.1
gravatar:2.2
greenballs:1.15.1
groovy:2.4
h2-api:1.4.199
handlebars:3.0.8
hidden-parameter:0.0.4
htmlpublisher:1.25
jackson2-api:2.12.4
javadoc:1.6
jdepend:1.3.0
jdk-tool:1.5
jobConfigHistory:2.28.1
jquery:1.12.4-1
jquery-detached:1.2.1
jquery3-api:3.6.0-2
jsch:0.1.55.2
junit:1.53
ldap:2.7
lockable-resources:2.11
m2release:0.16.2
mailer:1.34
managed-scripts:1.5.4
mapdb-api:1.0.9.0
matrix-auth:2.6.8
matrix-project:1.19
maven-metadata-plugin:2.0.0
maven-plugin:3.12
momentjs:1.1.1
monitoring:1.88.0
nexus-artifact-uploader:2.13
pam-auth:1.6
parameterized-trigger:2.41
phing:0.13.3
pipeline-build-step:2.15
pipeline-graph-analysis:1.11
pipeline-input-step:2.12
pipeline-maven:3.10.0
pipeline-milestone-step:1.3.2
pipeline-model-api:1.9.2
pipeline-model-definition:1.9.2
pipeline-model-extensions:1.9.2
pipeline-rest-api:2.19
pipeline-stage-step:2.5
pipeline-stage-tags-metadata:1.9.2
pipeline-stage-view:2.19
pipeline-utility-steps:2.10.0
plain-credentials:1.7
plot:2.1.9
plugin-util-api:2.4.0
popper-api:1.16.1-2
popper2-api:2.10.1-1
project-inheritance:21.04.03
promoted-builds:3.10
publish-over:0.22
publish-over-ssh:1.22
rebuild:1.32
repository-connector:2.0.5
role-strategy:3.2.0
run-condition:1.5
scm-api:2.6.5
script-security:1.78
snakeyaml-api:1.29.1
sonar:2.13.1
ssh-credentials:1.19
ssh-slaves:1.33.0
sshd:3.1.0
structs:1.23
subversion:2.14.4
token-macro:266.v44a80cf277fd
translation:1.16
trilead-api:1.0.13
uno-choice:2.5.6
warnings-ng:9.5.0
windows-slaves:1.8
workflow-aggregator:2.6
workflow-api:2.46
workflow-basic-steps:2.24
workflow-cps:2.94
workflow-cps-global-lib:2.21
workflow-durable-task-step:2.40
workflow-job:2.41
workflow-multibranch:2.26
workflow-scm-step:2.13
workflow-step-api:2.24
workflow-support:3.8
xunit:3.0.3

• What Operating System are you using (both controller, and any agents involved in the problem)?

Jenkins controller and agent running on same linux VM : RHEL7
Everything runs using docker version 18.03.1-ce, build 9ee9f40

Reproduction steps

run ssh agent (same behavior on VM and on my docker desktop up to date on my laptop)

docker run -d -e "JENKINS_AGENT_SSH_PUBKEY=<SSH_PUB_KEY>" jenkins/ssh-agent:4.1.0-jdk8

display logs on created container (do it quick because it will disappear in few seconds)

docker logs <CONTAINER_ID> -f

Results

Expected result:

SSH is running.

In container log...

... (init script)
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.

Actual result:

Failure => SSH is not running

In container log...

• [[ <SSH_PUB_KEY> == ssh-* ]]
• write_key '<SSH_PUB_KEY>'
• local ID_GROUP
  ++ stat -c %U:%G /home/jenkins
  stat: cannot statx '/home/jenkins': Operation not permitted
• ID_GROUP=

My investigation :

I think issue is linked to call using linux command stat here :

Using --privileged in docker run solve the problem :

docker run -d --privileged -e "JENKINS_AGENT_SSH_PUBKEY=<SSH_PUB_KEY>" jenkins/ssh-agent:4.1.0-jdk8

 command: |
    "ssh-rsa something"

This is the yaml that you have to use if using docker compose with this container. Would be nice if it used an environment variable instead. I would make the change but since i am sure everyone is using master of this image you would now have to support both ways making the startup script pretty messy.

What feature do you want to see added?

Same as jenkinsci/docker-agent#424

Upstream changes

No response

Same as jenkinsci/docker-agent#475 but concerning both nanoserver and windowsservercore images in this repository.

Expected Results

Having the Windows base image flavors corresponding to the ssh agent flavors.

Actual Results

ltsc2019 images are based on 1809 Windows images.

Jenkins and plugins versions report

Paste the output here

What Operating System are you using (both controller, and any agents involved in the problem)?

I'm trying to create jenkins ssh-agent on Google Autopilot cluster with this file jenkins-agent-android.yaml

---
###
# Jenkins SSH Agent - Android
###
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins-agent-android
  namespace: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins-agent-android
  template:
    metadata:
      namespace: jenkins
      labels:
        app: jenkins-agent-android
    spec:
      containers:
      - name: jenkins
        resources:
          limits:
            cpu: 8000m
            ephemeral-storage: 10Gi
            memory: 12Gi
          requests:
            cpu: 8000m
            ephemeral-storage: 1Gi
            memory: 12Gi
        env:
        - name: TZ
          value: Asia/Jakarta
        - name: JENKINS_AGENT_SSH_PUBKEY
          value: "ssh-rsa AAAA... jenkins"        
        image: jenkins/ssh-agent
        ports:
        - containerPort: 22

---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-agent-android-service
  namespace: jenkins
spec:
  ports:
  - name: ssh
    port: 22
    targetPort: 22
    protocol: TCP
  selector:
    app: jenkins-agent-android

---

Reproduction steps

1. kubectl apply -f jenkins-agent-android.yaml
2. kubectl logs -f -n jenkins jenkins-agent-android-xxx

Expected Results

...
+ exec /usr/sbin/sshd -D -e
Server listening on ... port 22.

Actual Results

+ [[ ssh-rsa AAAA... jenkins == ssh-* ]]
+ write_key 'ssh-rsa AAAA... jenkins'
+ local ID_GROUP
++ stat -c %U:%G /home/jenkins
+ ID_GROUP=jenkins:jenkins
+ mkdir -p /home/jenkins/.ssh
+ echo 'ssh-rsa AAAA... jenkins'
+ chown -Rf jenkins:jenkins /home/jenkins/.ssh
+ chmod 0700 -R /home/jenkins/.ssh
+ [[ '' == ssh-* ]]
+ env
+ grep _
+ [[ 0 -gt 0 ]]
+ ssh-keygen -A
ssh-keygen: generating new host keys: DSA
+ exec /usr/sbin/sshd -D -e
Missing privilege separation directory: /run/sshd

Anything else?

No response

As a user, I would like to see some image versions which explicitly point to changelogs. We also do not want to build all development branches here, so DockerHub needs reconfiguration.

Are there any plans for a JDK-11 version of this image the same way there are tags for the jnlp-slave image?

If required, I can assist in creating a PR.

Jenkins and plugins versions report

Paste the output here

What Operating System are you using (both controller, and any agents involved in the problem)?

Trivy just flagged these private key files as secrets and until now I didn't know they were in here. What is the purpose of these?

root@65660bb4c656:/etc/ssh# ls -al *key*
-rw------- 1 root root  513 Apr 27 02:07 ssh_host_ecdsa_key
-rw-r--r-- 1 root root  182 Apr 27 02:07 ssh_host_ecdsa_key.pub
-rw------- 1 root root  411 Apr 27 02:07 ssh_host_ed25519_key
-rw-r--r-- 1 root root  102 Apr 27 02:07 ssh_host_ed25519_key.pub
-rw------- 1 root root 2610 Apr 27 02:07 ssh_host_rsa_key
-rw-r--r-- 1 root root  574 Apr 27 02:07 ssh_host_rsa_key.pub

cat ssh_host_rsa_key.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXf6Mau+UNRzXQ0YiLjDh9FuHnORh2quSqgqCGuh0ZpLJmshIHEMdg7xq1ZY/t8CzeGkREvv3acqOMS3J87SNGCnZM7D7++GjqOVnnXUqLv2JxMjTTUUpTB7ATMUCsSa4ZlF/UxBaz62iZEbvi0GM2k3U/GH28
UhMW7BtWUsKOZQ8JzDhiwa0pxF95WncM81sCBotSKcTmshb1PTQTbXMpweYn0+y849SmuQCp5LhxeO9xWjuutbqqwbpZWVRq1p/BbzN29O/cDYFnC//aPYsYzTHHFKxE9STkRuFLxf0Om7zjxzIvfg2LyYZ1bW6sXuL9PUyp9wnR4Xp0fQb7aM/PSxdktwFCDvgC
RJJO0IGxQzpUEQuCRC1ijU7Fqk1hQJXRFeuuiRxzG3zaEzpH/JCx389Xme40T1d9BogiI5qVlknTK7UkIj0WA3MyvguT1M4S3evaraL4UUfm38dK2/Nm6Ingm2EWTKU7eHszhVVF895bJ2M/azs4tlCVz2RkJBs= root@buildkitsandbox

### Reproduction steps


Reproduce:

docker run --rm -it jenkins/ssh-agent:jdk11 cat /etc/ssh/ssh_host_rsa_key.pub
Unable to find image 'jenkins/ssh-agent:jdk11' locally
jdk11: Pulling from jenkins/ssh-agent
Digest: sha256:55097f121513fd49ec7e065c0500c480cbacbd818ee91be8804d5c80e75ac0ac
Status: Downloaded newer image for jenkins/ssh-agent:jdk11

• [[ '' == ssh-* ]]
• [[ '' == ssh-* ]]
• env
• grep _
• [[ 2 -gt 0 ]]
• echo 'setup-sshd params: cat' /etc/ssh/ssh_host_rsa_key.pub
  setup-sshd params: cat /etc/ssh/ssh_host_rsa_key.pub
• [[ cat == ssh-* ]]
• [[ cat /etc/ssh/ssh_host_rsa_key.pub == /\u\s\r/\s\b\i\n/\s\s\h\d\ -\D\ -\p\ \2\2 ]]
• echo 'Executing params: '''cat' '/etc/ssh/ssh_host_rsa_key.pub''''
  Executing params: 'cat /etc/ssh/ssh_host_rsa_key.pub'
• exec cat /etc/ssh/ssh_host_rsa_key.pub
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXf6Mau+UNRzXQ0YiLjDh9FuHnORh2quSqgqCGuh0ZpLJmshIHEMdg7xq1ZY/t8CzeGkREvv3acqOMS3J87SNGCnZM7D7++GjqOVnnXUqLv2JxMjTTUUpTB7ATMUCsSa4ZlF/UxBaz62iZEbvi0GM2k3U/GH28
  UhMW7BtWUsKOZQ8JzDhiwa0pxF95WncM81sCBotSKcTmshb1PTQTbXMpweYn0+y849SmuQCp5LhxeO9xWjuutbqqwbpZWVRq1p/BbzN29O/cDYFnC//aPYsYzTHHFKxE9STkRuFLxf0Om7zjxzIvfg2LyYZ1bW6sXuL9PUyp9wnR4Xp0fQb7aM/PSxdktwFCDvgC
  RJJO0IGxQzpUEQuCRC1ijU7Fqk1hQJXRFeuuiRxzG3zaEzpH/JCx389Xme40T1d9BogiI5qVlknTK7UkIj0WA3MyvguT1M4S3evaraL4UUfm38dK2/Nm6Ingm2EWTKU7eHszhVVF895bJ2M/azs4tlCVz2RkJBs= root@buildkitsandbox

Expected Results

Was not expecting any pub/priv keys in /etc/ssh/

Actual Results

pub/priv keys in /etc/ssh/

Anything else?

Should these be removed? Do they hold some functionality for our use?

Dockerfiles for both Debian buster OpenJDK versions fails to build due to missing binary.

This is the output of my docker build run where it shows that the binary is missing and cannot copy to /usr/local/bin. Its a possible issue with the use of of COPY

Here is the output of my docker build run.

Sending build context to Docker daemon   2.56kB
Step 1/15 : FROM openjdk:8-jdk-buster
 ---> eca41db787bd
Step 2/15 : ARG user=jenkins
 ---> Running in 66b1ad0ef5ed
Removing intermediate container 66b1ad0ef5ed
 ---> c8288a387df7
Step 3/15 : ARG group=jenkins
 ---> Running in 6675cf997f8e
Removing intermediate container 6675cf997f8e
 ---> a74438adc418
Step 4/15 : ARG uid=1000
 ---> Running in 462dc050ca7b
Removing intermediate container 462dc050ca7b
 ---> 5dc412a020d7
Step 5/15 : ARG gid=1000
 ---> Running in 305ae8848991
Removing intermediate container 305ae8848991
 ---> c0374b23b548
Step 6/15 : ARG JENKINS_AGENT_HOME=/home/${user}
 ---> Running in e2ce91a011ec
Removing intermediate container e2ce91a011ec
 ---> 168ecb0b2f78
Step 7/15 : ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME}
 ---> Running in 207effaa3adf
Removing intermediate container 207effaa3adf
 ---> 94c3cad902b1
Step 8/15 : RUN groupadd -g ${gid} ${group}     && useradd -d "${JENKINS_AGENT_HOME}" -u "${uid}" -g "${gid}" -m -s /bin/bash "${user}"
 ---> Running in dff2486a9ac6
Removing intermediate container dff2486a9ac6
 ---> 5b31f9d466d6
Step 9/15 : RUN apt-get update     && apt-get install --no-install-recommends -y openssh-server     && rm -rf /var/lib/apt/lists/*
 ---> Running in 4dc17f8a2e0a
Get:1 http://deb.debian.org/debian buster InRelease [121 kB]
Get:2 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:4 http://security.debian.org/debian-security buster/updates/main amd64 Packages [290 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 Packages [7907 kB]
Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [10.9 kB]
Fetched 8447 kB in 2s (5421 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  libwrap0 openssh-sftp-server
Suggested packages:
  molly-guard monkeysphere rssh ssh-askpass ufw
Recommended packages:
  default-logind | logind | libpam-systemd ncurses-term xauth
The following NEW packages will be installed:
  libwrap0 openssh-server openssh-sftp-server
0 upgraded, 3 newly installed, 0 to remove and 1 not upgraded.
Need to get 455 kB of archives.
After this operation, 1719 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main amd64 libwrap0 amd64 7.6.q-28 [58.7 kB]
Get:2 http://deb.debian.org/debian buster/main amd64 openssh-sftp-server amd64 1:7.9p1-10+deb10u2 [44.6 kB]
Get:3 http://deb.debian.org/debian buster/main amd64 openssh-server amd64 1:7.9p1-10+deb10u2 [352 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 455 kB in 0s (10.9 MB/s)
Selecting previously unselected package libwrap0:amd64.
(Reading database ... 12572 files and directories currently installed.)
Preparing to unpack .../libwrap0_7.6.q-28_amd64.deb ...
Unpacking libwrap0:amd64 (7.6.q-28) ...
Selecting previously unselected package openssh-sftp-server.
Preparing to unpack .../openssh-sftp-server_1%3a7.9p1-10+deb10u2_amd64.deb ...
Unpacking openssh-sftp-server (1:7.9p1-10+deb10u2) ...
Selecting previously unselected package openssh-server.
Preparing to unpack .../openssh-server_1%3a7.9p1-10+deb10u2_amd64.deb ...
Unpacking openssh-server (1:7.9p1-10+deb10u2) ...
Setting up openssh-sftp-server (1:7.9p1-10+deb10u2) ...
Setting up libwrap0:amd64 (7.6.q-28) ...
Setting up openssh-server (1:7.9p1-10+deb10u2) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline

Creating config file /etc/ssh/sshd_config with new version
Creating SSH2 RSA key; this may take some time ...
2048 SHA256:kknagd6umyG9iHxFB5J7YZQxlr4uUhXAFaxpklKHRMI root@4dc17f8a2e0a (RSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:j6lWfXLrgyq/fr72gkhcRbGDDfd6MJlWsMpC2HZCK/c root@4dc17f8a2e0a (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:819bi3PoQmbf01asPFBoFPt8yBUtL5NXr1uQ4XDmc40 root@4dc17f8a2e0a (ED25519)
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of start.
Processing triggers for libc-bin (2.28-10) ...
Removing intermediate container 4dc17f8a2e0a
 ---> 25909b48feb4
Step 10/15 : RUN sed -i /etc/ssh/sshd_config         -e 's/#PermitRootLogin.*/PermitRootLogin no/'         -e 's/#RSAAuthentication.*/RSAAuthentication yes/'          -e 's/#PasswordAuthentication.*/PasswordAuthentication no/'         -e 's/#SyslogFacility.*/SyslogFacility AUTH/'         -e 's/#LogLevel.*/LogLevel INFO/' &&     mkdir /var/run/sshd
 ---> Running in ce82649b7ec3
Removing intermediate container ce82649b7ec3
 ---> 92fcc123cc56
Step 11/15 : VOLUME "${JENKINS_AGENT_HOME}" "/tmp" "/run" "/var/run"
 ---> Running in 9f808108d40f
Removing intermediate container 9f808108d40f
 ---> 88c2aef7e437
Step 12/15 : WORKDIR "${JENKINS_AGENT_HOME}"
 ---> Running in c55cb1566a6e
Removing intermediate container c55cb1566a6e
 ---> 6e50038da8ae
Step 13/15 : RUN cp setup-sshd /usr/local/bin/setup-sshd
 ---> Running in 492ad2fa2a49
cp: cannot stat 'setup-sshd': No such file or directory
The command '/bin/sh -c cp setup-sshd /usr/local/bin/setup-sshd' returned a non-zero code: 1

I am trying to setup jenkins/jenkins (main controller) and jenkins/ssh-agent on the same host with docker.
I have no problem with running jobs on main controller with built-in node.

But I can't figure out how to setup ssh-agent correctly.

Below is my setup.

docker-compose.yml
--------------------------------------------------------------------
  jenkins-agent:
    container_name: jenkins-agent
    restart: unless-stopped
    build:
      context: ./jenkins-agent
      dockerfile: Dockerfile
    ports:
      - 222:22
    depends_on:
      - jenkins-master
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
    env_file:
      - ./jenkins-agent/.env.dev

jenkins-agent/Dockerfile
--------------------------------------------------------------------
FROM jenkins/ssh-agent:3.0.0-alpine

jenkins-agent/.env.dev
--------------------------------------------------------------------
JENKINS_AGENT_SSH_PUBKEY=ssh-rsa ...

I tried to connect to it with ssh from terminal but no luck. SSH key should be OK.

I don't know if I am missing something simple, but I am kind of stuck.

Any help would be appreciated.
Thanks

What feature do you want to see added?

As an agent image, Alpine can be really useful.
Since Temurin is providing official images for Alpine (ref. #119 ), it could be interesting to add the same declination for all JDKs.

Upstream changes

No response

Jenkins and plugins versions report

Paste the output here

What Operating System are you using (both controller, and any agents involved in the problem)?

I'm following the directions here: https://www.jenkins.io/doc/book/using/using-agents/

The agent is your alpine image.

The controller is running on the HV, which is Centos 7

Reproduction steps

Exactly as described here: https://www.jenkins.io/doc/book/using/using-agents/

sudo docker run -d --rm --name=agent1 -p 4444:22
-e "JENKINS_AGENT_SSH_PUBKEY=ssh-rsa [key stuff]"
jenkins/ssh-agent:alpine

Expected Results

8. You should now see This node is being launched.. If that’s not the case, you can now press the Relaunch agent button and wait a few seconds. You can now click on the Log button on the left, then you should receive
   the message: Agent successfully connected and online on the last log line.

Actual Results

SSHLauncher{host='172.17.0.2', port=22, credentialsId='jenkins', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.ManuallyTrustedKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true}
[05/22/22 11:57:52] [SSH] Opening SSH connection to 172.17.0.2:22.
[05/22/22 11:57:52] [SSH] SSH host key matches key seen previously for this host. Connection will be allowed.
[05/22/22 11:57:52] [SSH] Authentication successful.
[05/22/22 11:57:52] [SSH] The remote user's environment is:
BASH=/bin/bash
BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_EXECUTION_STRING=set
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="5" [1]="0" [2]="17" [3]="1" [4]="release" [5]="x86_64-alpine-linux-musl")
BASH_VERSION='5.0.17(1)-release'
DIRSTACK=()
EUID=1000
GROUPS=()
HOME=/home/jenkins
HOSTNAME=081269b60664
HOSTTYPE=x86_64
IFS=$' \t\n'
LOGNAME=jenkins
MACHTYPE=x86_64-alpine-linux-musl
MAIL=/var/mail/jenkins
OPTERR=1
OPTIND=1
OSTYPE=linux-musl
PATH=/bin:/usr/bin:/sbin:/usr/sbin
PPID=39
PS4='+ '
PWD=/home/jenkins
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:interactive-comments
SHLVL=1
SSH_CLIENT='172.17.0.1 47632 22'
SSH_CONNECTION='172.17.0.1 47632 172.17.0.2 22'
TERM=dumb
UID=1000
USER=jenkins
_=bash
Checking Java version in the PATH
bash: java: command not found
Java is not in the PATH nor configured with the javaPath setting, Jenkins will try to guess where is Java, this guess will be removed in the future. :Launch agents via SSH
[05/22/22 11:57:52] [SSH] Checking java version of /home/jenkins/jdk/bin/java
Couldn't figure out the Java version of /home/jenkins/jdk/bin/java
bash: /home/jenkins/jdk/bin/java: No such file or directory

[05/22/22 11:57:52] [SSH] Checking java version of java
Couldn't figure out the Java version of java
bash: java: command not found

[05/22/22 11:57:52] [SSH] Checking java version of /usr/bin/java
Couldn't figure out the Java version of /usr/bin/java
bash: /usr/bin/java: No such file or directory

[05/22/22 11:57:52] [SSH] Checking java version of /usr/java/default/bin/java
Couldn't figure out the Java version of /usr/java/default/bin/java
bash: /usr/java/default/bin/java: No such file or directory

[05/22/22 11:57:52] [SSH] Checking java version of /usr/java/latest/bin/java
Couldn't figure out the Java version of /usr/java/latest/bin/java
bash: /usr/java/latest/bin/java: No such file or directory

[05/22/22 11:57:52] [SSH] Checking java version of /usr/local/bin/java
Couldn't figure out the Java version of /usr/local/bin/java
bash: /usr/local/bin/java: No such file or directory

[05/22/22 11:57:52] [SSH] Checking java version of /usr/local/java/bin/java
Couldn't figure out the Java version of /usr/local/java/bin/java
bash: /usr/local/java/bin/java: No such file or directory

java.io.IOException: Java not found on hudson.slaves.SlaveComputer@6caae34b. Install Java 8 or Java 11 on the Agent.
at hudson.plugins.sshslaves.JavaVersionChecker.resolveJava(JavaVersionChecker.java:83)
at hudson.plugins.sshslaves.SSHLauncher.lambda$launch$0(SSHLauncher.java:453)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
[05/22/22 11:57:52] Launch failed - cleaning up connection
[05/22/22 11:57:52] [SSH] Connection closed.

Anything else?

bash-5.0# which java
/opt/java/openjdk/bin/java

Since PR #63 is merged, creating new issue to continue discussion for changes proposed by @afischer211 at the end of the discussion on that PR:

Hello, the reason for my investigation is, that the last line of the entrypoint script is not executed. I use the docker-plugin inside jenkins for starting up slave-containers (connected by ssh). Because I want to receive the extended output of ssh with the option -e, I hope on the new version of this script by one of the last pullrequests.
But I must detect, the entrypoint script does not match for the given params of the docker-plugin. They are:
"/usr/sbin/sshd -D -p 22 -o AuthorizedKeysCommand=**** -o AuthorizedKeysCommandUser=****"
So my enhancement with regexp

"elif [[ "$@" =~ /usr/sbin/sshd\ -D\ -p\ 22.* ]]; then"

matches and works like expected (shifting out all arguments until the first -o...), the original version does not match and execute the command in the else-branch (without the -e option).

From reviewing the code it does seem that a minor tweak could improve it. The intention of shifting default sshd arguments in #63 is so that additional arguments would be passed to the SSHD command, but I see that the literal string comparison renders that useless as it will never trap the case that there actually are additional arguments.

So I see that a regex match with a wildcard on the end ought to allow the default sshd command to be trapped and stripped off by shifting, while preserving the remaining arguments to be passed to the final sshd line.

However I am concerned about the next step
exec /usr/sbin/sshd -D -e "${@}"

I am not sure of the intention of quoting the "${@}" on the last line. It comes from commit 49854a6 in #12. The commit message mentions "bash best practices" by which maybe it is referring to the general recommendation in bash to quote all your variables. However there are cases where you explicitly don't want to do that, and this strikes me as one of them. @dduportal any thoughts?

Example:

args="-f2 -d-"
echo a-b-c | cut $args
# returns 'b'
echo a-b-c | cut "$args"
# gives an error

This would seem to be a problem, not just for arguments passed after /usr/sbin/sshd -D -p 22 (in relation to PR #63) but also any multiple of arguments passed even without hitting the pubkey or /usr/shbin/sshd traps.

@afischer I do not have a convenient setup for local testing of passing some extra sshd args like this and verifying that they work, but are you saying you have implemented this change locally and seen that in the last line sshd ok with your -o AuthorizedKeysCommand=**** -o AuthorizedKeysCommandUser=**** being passed as a single quoted token? If it is working for you that would hint to me that sshd does unusual special subparsing of arguments it receives as a single token.

I have been using these images under the impression that they are made to be used with docker-plugin in jenkins to start these containers as ephemeral agents. However I've today come to the conclusion that most people must be using them for long-running/manually started agents since there's little talk of this issue.

I had previously been having lots of really strange trouble with my linux agents, especially #46 that I have still yet to figure out why it simply does not work. Then this week I needed to add some infra for windows build containers and ran into another weird issue such that these containers simply were not working for me out of the box.

As a baseline I was able to run the windows agent image manually and ssh into it successfully to get to a powershell prompt. BUT when the windows containers were being started by docker plugin, then they would die within 3-4 seconds.

By calling 'docker log {container}' soon after a container died I was able to see the following error:

PS C:\docker_testing\ssh-key-temp> docker logs wonderful_thompson
&: C:\ProgramData\Jenkins\setup-sshd.ps1:88
Line |
  88 |          & $Cmd
     |            ~~~~
     | The term '/usr/sbin/sshd' is not recognized as the name of a
     | cmdlet, function, script file, or operable program. Check the
     | spelling of the name, or if a path was included, verify that
     | the path is correct and try again.

Something in the windows container is trying to run /usr/sbin/sshd? That's definitly not right! I scoured the code for references to the string /usr/sbin/sshd, and it doesn't exist in the repo. I looked at line 88 and see this variable is the command line arguments being passed into setup-sshd. It would seem jenkins is for some reason passing this command into my windows container. I looked all over my configuration for this agent and there was nothing unusual that should be causing that. I made a custom version of the image with extra logging and bypasses this line 88, and the container was able to open. I kept searching for a cause and eventually found:
This Docker Plugin doc says:

By default, the docker plugin will execute /usr/sbin/sshd -D, therefore it is not recommended that you set the ENTRYPOINT unless you plan to pass extra arguments from Jenkins

and
This Docker Plugin issue corroborates this default behavior in the context of complaining about it causing problems for their entry point scripts. The general reaction again is "don't use entrypoint scripts with docker plugin", which I found odd because that's how docker-ssh-agent works, and understandably since it has to add the ssh public keys at startup.

We need our entrypoint script, and there is no (proper) way to make docker-plugin NOT do this, but there is a hacky way: The logic seems to be if the command you provide in your agent configuration is empty, it will run the image with "/usr/sbin/sshd -D", otherwise it will use what you provide for the command. So you can put some kind of no-op in there and it will pass that instead of /usr/sbin/sshd.

Setup-sshd, both windows and linux versions, look at that argument: If it was an ssh key provided, adds the sshkey. If it was not an ssh key, it tries to execute whatever that argument is, if it's null or empty it moves forward in the script to make the environment variables global and then run sshd at the end.

I have always left the command empty, and apparently this has gone unnoticed on my linux agents because /usr/sbin/sshd exists so it doesn't error, but it DOES mean that sshd starts before (and forever blocks) exporting the environment variables to /etc/environment. (I'm thinking, has THIS been the cause of #46 for me all long? I will test this)

In windows the same logic follows, setup-sshd detects that "/usr/sbin/sshd" is not an ssh key so it tries to execute it, which is an error in windows, and the container dies immediately.

I understand the need for the peice of code that is like

if(![System.String]::IsNullOrWhiteSpace($Cmd)) {
    if($Cmd -match "^ssh-.*") {
        Write-Key $Cmd
    } else {
        & $Cmd
        exit
    }
}

You want to easily take the ssh key as a run argument but also allow the flexibility of running alternate commands.

But I propose it be modified to specifically ignore "/usr/sbin/sshd" when passed as the command, as by default by docker-plugin. On windows this breaks everything, and on linux causes subtle unwanted behavior, and if someone was running sshd command we know we're going to run it in a few lines anyway.

# UNTESTED
if(![System.String]::IsNullOrWhiteSpace($Cmd)) {
    if($Cmd -match "^ssh-.*") {
        Write-Key $Cmd
    } else if($Cmd -match "/usr/sbin/sshd") {
        # ignore default command from jenkins docker plugin
    } else {
        & $Cmd
        exit
    }
}

....
Start-Service sshd

Ultimatly I think the true fix for this is in the docker plugin. Some general solution is needed now that windows containers are a thing. But doing this would make these images work with docker plugin as a stop gap. The alternative would be some big confusing explanation in the documentation to tell people to put a janky no-op in the command field of their agent configuration.
The same logical fix could be applied to the linux setup-sshd script to make the behavior more predictable (ie not skipping the last part of the script).

If I put one together, would someone be willing to merge a pull request like this, in theory?

Seems the container uses

• openjdk version "1.8.0_181"
• OpenJDK Runtime Environment (build 1.8.0_181-8u181-b13-2~deb9u1-b13)

and when used with MAVEN results in issues decried here:

• https://stackoverflow.com/questions/53010200/maven-surefire-could-not-find-forkedbooter-class
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911925
• https://issues.apache.org/jira/browse/SUREFIRE-1588?focusedCommentId=16671777&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16671777

FROM

Jenkins and plugins versions report

Jenkins crash with the Malformed input or input contains unmappable characters: /home/jenkins/agent/workspace/src/wp/wp-content/uploads/2017/11/._MiniatureAirDuDésertMarocainMiniatureInWueste-624x964.jpg8672861676435183506.tmp when building a project where some files have accents.

I am using the latest jenkins/ssh-agent:jdk11.

What Operating System are you using (both controller, and any agents involved in the problem)?

The docker image in ubuntu 20.04.3 with the latest jenkins/ssh-agent:jdk11.

Reproduction steps

Build a project where some files have accents

Expected Results

it builds

Actual Results

get error Malformed input or input contains unmappable characters: /home/jenkins/agent/workspace/src/wp/wp-content/uploads/2017/11/._MiniatureAirDuDésertMarocainMiniatureInWueste-624x964.jpg8672861676435183506.tmp

Anything else?

No response

Ref. https://github.com/jenkinsci/docker-agent/blob/master/updatecli/updatecli.d/alpine.yaml

Currently, the docker-ssh-agent README.md contains tags that don't seem to be supported.

Tags that are currently supported are: latest, alpine, jdk11 and latest-jdk11

Tags that seem like they're no longer supported are: jdk8-windowsservercore-1809, jdk11-windowsservercore-1809, jdk8-nanoserver-1809 and jdk11-nanoserver-1809

What feature do you want to see added?

While working on #210, I realized that there are no JDK17 Windows SSH agent image.

Upstream changes

No response

It would be useful to have also the alpine versions of the docker-ssh-slave images, similar to what we have for docker-slave
I have created the jdk-8-alpine and jdk-13-alpine versions and they seem to work.
I'd like to create a PR, but I don't know how to integrate the code in your workdlow (i.e. should I also modify the Makefile and the Jenkins? If so, how?).
If you can have a look at the code and give me some hints, I will update it and create a PR with code accodrding to your standards.

$ docker image ls  |grep jenkins    
jenkins/ssh-agent         4.1.0-jdk11             05064716224c   11 hours ago    237MB
jenkins/ssh-agent         bullseye-jdk11          05064716224c   11 hours ago    237MB
jenkins/ssh-agent         jdk11                   05064716224c   11 hours ago    237MB
jenkins/ssh-agent         latest-bullseye-jdk11   05064716224c   11 hours ago    237MB
jenkins/ssh-agent         latest-jdk11            05064716224c   11 hours ago    237MB
jenkins/ssh-agent         4.1.0-jdk8              a1295d9882e1   11 hours ago    340MB
jenkins/ssh-agent         bullseye-jdk8           a1295d9882e1   11 hours ago    340MB
jenkins/ssh-agent         jdk8                    a1295d9882e1   11 hours ago    340MB
jenkins/ssh-agent         latest-bullseye-jdk8    a1295d9882e1   11 hours ago    340MB
jenkins/ssh-agent         latest-jdk8             a1295d9882e1   11 hours ago    340MB
jenkins/ssh-agent         4.0.0-jdk11             7803431f2126   11 hours ago    237MB
jenkins/ssh-agent         4.0.0-jdk8              e16baa3ff171   11 hours ago    340MB
jenkins/ssh-agent         4.2.0-jdk17-preview     2cc9f2ee0a8c   15 hours ago    237MB
jenkins/ssh-agent         4.2.0-jdk11             091f17e6b615   15 hours ago    237MB
jenkins/ssh-agent         4.2.0-jdk8              d594412427fe   15 hours ago    340MB
jenkins/ssh-agent         <none>                  6413344b1751   10 days ago     237MB
jenkins/ssh-agent         bullseye-jdk17          1405dad25761   7 weeks ago     334MB
jenkins/ssh-agent         jdk17                   1405dad25761   7 weeks ago     334MB
jenkins/ssh-agent         latest-bullseye-jdk17   1405dad25761   7 weeks ago     334MB
jenkins/ssh-agent         latest-jdk17            1405dad25761   7 weeks ago     334MB
jenkins/ssh-agent         4.4.0-jdk11             eeb7d7f1d8e3   2 months ago    336MB
jenkins/ssh-agent         4.4.0-jdk17             6f6120776665   2 months ago    334MB
jenkins/ssh-agent         4.4.0-jdk8              5f5eb74ef76a   2 months ago    439MB
jenkins/ssh-agent         4.3.0-jdk11             3aca3b262023   9 months ago    335MB
jenkins/ssh-agent         4.3.0-jdk17-preview     354283ee4fd1   9 months ago    335MB
jenkins/ssh-agent         4.3.0-jdk8              45b41a5d1162   9 months ago    439MB
jenkins/ssh-agent         4.2.1-jdk17-preview     f24638758a5b   9 months ago    236MB

My expectation for jenkins/ssh-agent:jdk11 is to be a match for 4.4.0 and not 4.1.0.

Hello

I would like to use the jenkins/ssh-agent:windowsservercore-1809 ssh agent docker image in the Jenkins Docker Pkugin to fire windows build agents, build & test and destroy the image. I am confused on using the JENKINS_AGENT_SSH_PUBKEY. Where is my SSH public key. Are we talking about the public key on the Jenkins Master node or the agent which has the Docker Deamon running for windows containers? Could you please help me to set this up?

Thanks!!

I've created a Dockerfile:

FROM jenkins/ssh-agent:jdk11

RUN apt-get install --no-install-recommends -y git

But when I build it, it failed to install git. Error messages are:

Step 3/3 : RUN apt-get install --no-install-recommends -y git
 ---> Running in f22329c700a5
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package git
The command '/bin/sh -c apt-get install --no-install-recommends -y git' returned a non-zero code: 100
ERROR: Service 'agent1' failed to build

I checked Dockerfile of jenkins/ssh-agent:jdk11, and found this line:

rm -rf /var/lib/apt/lists/* it removes all source lists. That's why my Dockerfile failed to install git.

I want to know is it on purpose?
If so, then what is the recommended way to install packages on this agent image?

Thanks in advance!

Jenkins and plugins versions report

Paste the output here

What Operating System are you using (both controller, and any agents involved in the problem)?

MacOS, CentOS 8

Reproduction steps

1. Create a Dockerfile:

FROM jenkins/ssh-agent:jdk11

USER root

RUN apt-get update && apt-get install -y ansible

USER jenkins

2. Build the dockerfile:

docker build -t ansible-agent .

3. Run the new image:

docker run ansible-agent

Expected Results

A running Jenkins Agent container.

Actual Results

> docker run ansible-agent

+ [[ '' == ssh-* ]]
+ [[ '' == ssh-* ]]
+ env
+ grep _
/usr/local/bin/setup-sshd: line 54: /etc/environment: Permission denied

Anything else?

Simply running docker run jenkins/ssh-agent:jdk11 works perfectly. I don't see how my adding of Ansible is impacting the known-good script, but it is.

I think it might be tangentially related to #62

Jenkins and plugins versions report

What Operating System are you using (both controller, and any agents involved in the problem)?

ubuntu 18.04

Reproduction steps

git-lfs is missing in the latest image (Oct 8, 2022 at 6:19 pm) push

docker hub jenkins/ssh-agent:latest
in layer 10 shows following command:

RUN |5 user=jenkins group=jenkins uid=1000 gid=1000 JENKINS_AGENT_HOME=/home/jenkins /bin/sh -c apt-get update     && apt-get install --no-install-recommends -y openssh-server     && rm -rf /var/lib/apt/lists/* # buildkit

but in master

RUN apt-get update \
    && apt-get install --no-install-recommends -y openssh-server git-lfs netcat-traditional \
    && rm -rf /var/lib/apt/lists/*

git-lfs netcat-traditional is missing. Clearly there is a mismatch between git repo and actual docker image.

I checked some other images like jenkins/ssh-agent:jdk11 and jenkins/ssh-agent:alpine, git-lfs is not installed too.

Is it removed for some reason?

Expected Results

git is correctly installed

Actual Results

git is not installed

Anything else?

No response

The code of the tests can be improved and should be aligned with the one in https://github.com/jenkinsci/docker-slave and https://github.com/jenkinsci/docker-jnlp-slave

Jenkins and plugins versions report

Paste the output here

What Operating System are you using (both controller, and any agents involved in the problem)?

• latest (Debian Bullseye (11)?)
• Debian Bullseye (11)
• jdk17 (Debian Bullseye (11)?)
• 4.2.0 (Debian Bullseye (11)?)

Reproduction steps

Open Docker Hub and confirm that most recent images do not have a preview suffix.
Four days ago, 5 of 5 produced images did have that suffix for JDK 17.

Expected Results

No preview suffix.

Actual Results

Includes the preview suffix.

Anything else?

No response

Hey. Maybe i got something completly wrong but i would like to build my own custom image and using this one as a parent. In my customization i would like to install the AWS CLI (and the .aws/credentials file) and also a .docker/config.json file inside the /home/jenkins folder. As /home/jenkins is a volume, i cannot modify this folder as changes are not applied.

How can i place files in /home/jenkins or is the approach wrong? I would like to have an advice on how to pass the login details etc. to my Jenkins Agent. Help is really appreciated.

FROM jenkins/ssh-slave

RUN curl -sSL https://get.docker.com/ | sh
RUN apt-get update && \
    apt-get install -y openjdk-8-jdk python python-pip && \
    pip install awscli --upgrade && \
    apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
    mkdir /home/jenkins/.aws/ && \
    mkdir /home/jenkins/.docker && \
    usermod -aG docker jenkins
    
COPY id_rsa id_rsa.pub known_hosts /home/jenkins/.ssh/
COPY credentials /home/jenkins/.aws/
COPY config.json /home/jenkins/.docker/

The last commits are a year old and there are some hanging PRs. Is this repository still maintained? If not, can we expect a different image for a Jenkins SSH slave? Or is the JNLP slave the only way to go?